Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/Dapi8KrCV9KX1XMaivrd-aSs8iw.roa
File:                     Dapi8KrCV9KX1XMaivrd-aSs8iw.roa (raw, json)
Hash identifier:          5iF63mgGHgpO7iP9swLnvkHKn3SwBffY46MZGkhiUa4=
Subject key identifier:   0D:AA:62:F0:AA:C2:57:D2:97:D5:73:1A:8A:FA:DD:F9:A4:AC:F2:2C
Certificate issuer:       /CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
Certificate serial:       79A5
Authority key identifier: CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/Dapi8KrCV9KX1XMaivrd-aSs8iw.roa
Signing time:             Wed 09 Mar 2022 12:17:51 +0000
ROA not before:           Wed 09 Mar 2022 12:17:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29028
IP address blocks:        195.20.143.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 31141 (0x79a5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
        Validity
            Not Before: Mar  9 12:17:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0daa62f0aac257d297d5731a8afaddf9a4acf22c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:76:86:00:13:8a:d5:a9:08:8a:d9:69:f3:16:
                    64:a0:f8:17:ad:54:86:2c:e3:53:87:b0:c5:eb:ed:
                    db:38:9e:78:14:b4:b5:48:4b:b0:37:71:3a:25:cd:
                    66:82:7f:ed:a0:c3:36:be:3a:26:c2:a5:12:aa:13:
                    b4:18:c4:ea:2e:8b:ff:56:32:47:4a:a3:ff:d2:a8:
                    bd:9b:7b:6a:43:25:9f:d3:d4:a2:b2:cd:08:d8:91:
                    73:e3:75:f9:9d:94:7c:13:99:3a:3c:8e:da:a9:d6:
                    7d:f7:04:66:6e:90:c3:36:7a:c5:a6:b7:9d:09:f8:
                    97:11:91:74:61:0f:2c:99:d4:59:ac:69:fc:76:4d:
                    3a:49:4e:a9:91:3f:38:b1:ef:f5:2f:d9:63:d1:55:
                    1b:7b:1c:4d:7a:6f:c1:c8:67:c4:2b:6c:8c:09:98:
                    a5:9f:4e:64:e6:28:d0:47:74:9f:04:82:4f:b1:d6:
                    76:9e:8f:5d:07:57:02:95:08:ef:55:d9:28:25:38:
                    56:ad:b2:8c:2f:9b:53:1b:fd:dc:29:a6:93:c6:53:
                    91:84:77:0d:af:62:37:1c:83:63:6f:61:79:87:ec:
                    64:25:a6:6e:d3:3d:26:7c:8c:de:00:9a:54:b3:ba:
                    6a:50:f3:8a:89:f4:7b:62:a0:41:d3:04:9b:42:49:
                    29:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AA:62:F0:AA:C2:57:D2:97:D5:73:1A:8A:FA:DD:F9:A4:AC:F2:2C
            X509v3 Authority Key Identifier:
                keyid:CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/Dapi8KrCV9KX1XMaivrd-aSs8iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:05:03:5e:ef:57:fa:bf:59:1c:dd:91:52:c8:2b:a7:f3:d5:
         ca:d1:fd:87:93:32:8e:3f:9e:74:1b:cc:22:fb:6a:da:1c:aa:
         b9:e4:3b:d2:65:46:b8:d2:b9:cc:50:84:ba:9e:53:aa:dd:00:
         01:28:e1:69:50:74:06:0f:3d:69:14:0d:c3:b3:1f:62:d4:9c:
         17:81:59:42:7a:9f:4d:34:b0:55:ea:cd:57:cc:ab:1c:22:13:
         ae:0f:53:29:00:5e:35:ec:06:c2:c6:b1:13:a1:98:29:76:29:
         f9:71:63:19:4e:3d:3e:f6:89:f3:29:a2:70:41:35:b9:32:7f:
         77:94:f4:26:df:73:6e:8a:7e:32:5b:fd:1b:a1:03:a6:44:14:
         f3:77:b1:c7:14:e6:86:f5:5c:88:ba:28:95:d1:7b:87:30:78:
         89:9b:66:db:06:5c:f3:64:a1:9e:86:ec:dc:bb:6f:1e:2b:ed:
         a8:03:85:38:a7:75:9a:17:e9:cf:8d:c4:2c:a1:c9:c5:31:35:
         75:13:68:6b:78:23:20:22:e7:14:a6:22:db:71:6f:28:17:69:
         31:17:28:e3:85:c5:7e:98:88:cd:44:6e:ff:25:5d:a7:ee:3b:
         a9:1e:8f:6b:a2:4c:ae:e9:a2:00:2f:38:42:cd:d5:3d:ff:ea:
         4e:3d:7c:2d
-----BEGIN CERTIFICATE-----
MIIE7TCCA9WgAwIBAgICeaUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoY2Y1
ZWY3YTg3MGQ0YjE0OGViMWQ0ZjRmZTY2NmVkNTA1NGFkZWFlYzAeFw0yMjAzMDkx
MjE3NTFaFw0yMzA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKDBkYWE2MmYwYWFjMjU3
ZDI5N2Q1NzMxYThhZmFkZGY5YTRhY2YyMmMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5doYAE4rVqQiK2WnzFmSg+BetVIYs41OHsMXr7ds4nngUtLVI
S7A3cTolzWaCf+2gwza+OibCpRKqE7QYxOoui/9WMkdKo//SqL2be2pDJZ/T1KKy
zQjYkXPjdfmdlHwTmTo8jtqp1n33BGZukMM2esWmt50J+JcRkXRhDyyZ1Fmsafx2
TTpJTqmRPzix7/Uv2WPRVRt7HE16b8HIZ8QrbIwJmKWfTmTmKNBHdJ8Egk+x1nae
j10HVwKVCO9V2SglOFatsowvm1Mb/dwpppPGU5GEdw2vYjccg2NvYXmH7GQlpm7T
PSZ8jN4AmlSzumpQ84qJ9HtioEHTBJtCSSkLAgMBAAGjggIJMIICBTAdBgNVHQ4E
FgQUDapi8KrCV9KX1XMaivrd+aSs8iwwHwYDVR0jBBgwFoAUz173qHDUsUjrHU9P
5mbtUFSt6uwwDgYDVR0PAQH/BAQDAgeAMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEF
BQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC96
MTczcUhEVXNVanJIVTlQNW1idFVGU3Q2dXcuY2VyMIGNBggrBgEFBQcBCwSBgDB+
MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2JlLzYzMTUyMS1kNGI3LTRmMTAtOGMwNi04N2FhMjg1ZjgwN2MvMS9E
YXBpOEtyQ1Y5S1gxWE1haXZyZC1hU3M4aXcucm9hMIGBBgNVHR8EejB4MHagdKBy
hnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JlLzYz
MTUyMS1kNGI3LTRmMTAtOGMwNi04N2FhMjg1ZjgwN2MvMS96MTczcUhEVXNVanJI
VTlQNW1idFVGU3Q2dXcuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYI
KwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDFI8wDQYJKoZIhvcNAQELBQADggEB
ACAFA17vV/q/WRzdkVLIK6fz1crR/YeTMo4/nnQbzCL7atocqrnkO9JlRrjSucxQ
hLqeU6rdAAEo4WlQdAYPPWkUDcOzH2LUnBeBWUJ6n000sFXqzVfMqxwiE64PUykA
XjXsBsLGsROhmCl2KflxYxlOPT72ifMponBBNbkyf3eU9Cbfc26KfjJb/RuhA6ZE
FPN3sccU5ob1XIi6KJXRe4cweImbZtsGXPNkoZ6G7Ny7bx4r7agDhTindZoX6c+N
xCyhycUxNXUTaGt4IyAi5xSmIttxbygXaTEXKOOFxX6YiM1Ebv8lXafuO6kej2ui
TK7pogAvOELN1T3/6k49fC0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:37 2024 by rpki-client on console-ams.rpki-client.org